Why is IIS able to receive HTTP 80 traffic, though the firewall rule is disabled?

Using Windows7 Home Premium. It's a development machine, but that shouldn't matter.

I have IIS installed and can browse to http://localhost websites from the local machine. The default website is set to use port 80.

I added another website to IIS, set it to use 32-bit app pools, and port 81. when I try to browse to it, via localhost, I get "No connection could be made because the target machine actively refused it 127.0.0.1:81"

ok, this is pretty easy, right? Just enable HTTP over port 81 in the Windows firewall, right? I figured to use the port-80 rule in the firewall as a pattern.

To my surprise, there is a port 80 rule in Windows Firewall, but it is not enabled. This is a snip from the Windows Firewall MMC:

enter image description here

Yet I am able to connect to localhost via port 80.
and I am not able to connect to localhost port 81.

WHY?

Cheeso

Posted 2011-08-10T15:16:13.883

Reputation: 2 002

That's neat/weird. Do you have multiple nics or something? I've found IIS to be profoundly crazy when it comes to binding to ports. Still, this seems like weird behavior. Maybe you have some malware compromising your firewall? – James T Snell – 2011-08-10T15:34:58.573

Answers

I'm pretty sure the firewall doesn't block/inspect the localhost/loopback address (127.0.0.1) because it's your computer. So since the target and source are the same, there's really nothing to firewall.

When you enabled port 81, or fully disable the firewall could you then access the 2nd site? If not, you may have an IIS configuration problem, and not a firewall problem.

Ƭᴇcʜιᴇ007

Posted 2011-08-10T15:16:13.883

Reputation: 103 763

I did not enable port 81 - I did not add a rule for port 81 - because I'm confused as to why port 80 works with no rule enabled. ?? If port 80 works, why does port 81 NOT work? I don't want to hack around in the firewall doing things that are unnecessary or irrelevant. I'd like to first understand how port 80 works before trying to get port 81 to work. – Cheeso – 2011-08-10T15:33:20.993

2@Cheeso - Well what I'm saying is that port 80 (really, any port) works regardless of the firewall rules, because you are contacting it via the LocalHost address (127.0.0.1); the request is not leaving your computer, so the firewall doesn't see/process it. – Ƭᴇcʜιᴇ007 – 2011-08-10T15:59:18.280

I understand. That's what I thought initially too. Except that port 81 does not work for localhost. So ..... your theory that no port is subject to firewall if accessed from localhost - cannot be correct. Ports 80 and 81 are behaving differently. I would like to know why. That was my original question. Maybe I am missing something about the firewall model. Is there a difference between "enable the port" and "add a rule"? Is port 80 "enabled" for local access via something other than the rule which I can see, a rule which is clearly disabled? – Cheeso – 2011-08-10T16:48:12.333

2You were right: It was an IIS configuration problem - having to do with 32 bit sites and 64 bit dlls. thanks. – Cheeso – 2011-08-10T17:54:13.067

Sort inbound rules on Local Port and see if other rules allow connections to port 80. For example, there is some rule in default rules set - "Windows Remote Management - Compatibility Mode (HTTP-In)", which also allows port 80 connections, and it is enabled by default.

LVlad

Posted 2011-08-10T15:16:13.883

Reputation: 11